Delete shared or group user IDs, and give individual user IDs to each user who needs access to the network-connected KVM switch. Local KVM switches at the enterprise level have extensive management and other security features for users and other security features that meet most government and military security requirements, including FIPS encryption, UL certification, CAC (Common Access Card) authentication and PIV. KVM switches, which can only be accessed using a local or advanced user console and to which no connected IP network can be accessed, are inherently safer because fewer entry points are created. If the KVM switch is configurable, the reviewer, with the help of security data verification, will attempt to change the configuration with a random password and no password. If the reviewer is able to change the configuration with a random password or not, that is a finding. Note: The emphasis here is on protecting the configuration and not the technique, if the configuration is protected based on a user-ID/preferred password connection or by a DoD PKI (for network-connected KVM switches), this meets this requirement. The warning banner warns the user that they are accessing a DoD system, and they agree to have their actions monitored. Without this banner, it is difficult to prosecute those who violate THE restrictions of use imposed by ISIS. The Security Features Use Guide (SFUG) provides the user with a single source to find security policies and guides on the user`s security responsibility. The general policies and user responsibilities applicable to A/B switches and all local security policies are placed in the SFUG document or in a similar document. ISSO manages and distributes to users a SFUG describing the correct use of an A/B switch and the user`s responsibilities. A signed user agreement is proof that the user has been informed of its security liability when using an A/B switch.
The ISSO will maintain written user agreements for all users authorized to use an A/B switch. Users who do not need access to IS can endanger sensitive data. ISSO ensures that the KVM switch is configured to limit a user`s access to the systems they need. Without banners to identify the information system on which the KVM switch is currently operating, the user could enter an order on the erroneous information system and create a denial of service, or the user could insert data into the wrong system, causing either a security incident (data introduced into an incorrect classification system) or a risk to sensitive data. The SFUG (Security Features User Guide) or an equivalent document describes the user`s security responsibility, including site requirements. This gives the user a single reference source for initial indoctrination and for further verification. The distribution of SFUG reduces security vulnerabilities resulting from the user`s lack of knowledge of the policies or procedures required by the site. If you keep this document up to date, the user will have the current policies and procedures. IsSO manages and distributes to users an SFUG or equivalent document describing the correct use of the switch and the user`s responsibilities.
If you use an A/B switch to change a device between two or more users, there is always a risk if the device is connected to the wrong IS. An example would be a scanner that is commonly used by two systems equipped with an A/B switch. If the user presses the scanning button, if the A/B switch is shown on another DEE device, the document is scanned in the wrong system. This could lead to a compromise on sensitive data. ISSO or SA ensure that an A/B switch is not used to divide a device between two or more users. Security has come a long way in.